Skip to content

Instantly share code, notes, and snippets.

@DRN88
Created May 9, 2017 14:20
Show Gist options
  • Save DRN88/53c3116de8e7058d03c5fa8bc48fb7db to your computer and use it in GitHub Desktop.
Save DRN88/53c3116de8e7058d03c5fa8bc48fb7db to your computer and use it in GitHub Desktop.
An example OpenSSL Config for quick CSR generation
#
# 1. Edit Certificate details in this file
# 2. Always Generate a new 4096 strong private key for a new CSR:
# openssl genrsa -out <FQDN-NAME-HERE>.key 4096
# 3. Generate new CSR:
# openssl req -config <FQDN-NAME-HERE>.conf -new -key <FQDN-NAME-HERE>.key -out <FQDN-NAME-HERE>.csr
#
###
### DO NOT EDIT THIS SECTION
###
[ req ]
prompt = no
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = usr_cert
[ v3_req ]
basicConstraints = critical,CA:FALSE
nsCertType = client,server
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @alt_names
###
### EDIT FROM HERE
###
[ req_distinguished_name ]
C = GB
ST = Greater London
L = London
O = MyOrganization
OU = MyOrgUnit
CN = <SERVER-NAME-HERE>.mydomain.local
[ usr_cert ]
basicConstraints = critical,CA:FALSE
nsCertType = client,server
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = <CNAME>.mydomain.local
DNS.2 = <OTHERCNAME>.mydomain.local
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment